This is the second part of the introduction to FireHOL article. It covers more advanced topics that you might find useful, such as defining new services, selective filtering, and NAT. I suggest you read the first part of the article if you haven’t done so. FireHOL by default comes with a large number of predefined services, including http, https, dhcp, icmp, samba, snmp, syslog, telnet, ssh, and so on. A complete list can be found here. However, if you run an application that does not exist in the FireHOL service list, it’s very easy to add one.
Having a firewall is one of the steps you can take to make sure that your machine is a little bit secure. This is achieved by opening access only to applications or ports that you explicitly allow, and blocking the rest. This for me is a good practice, although some people might argue otherwise. For my Linux machines, I prefer to use FireHOL. FireHOL is not a firewall on its own, but a shell wrapper for the Linux iptables firewall. It allows you to configure iptables rules in a descriptive, easy-to-understand language.
Source: FreeSoftwareMag - Posted by Benjamin D. Thomas
Good security is the basis of any viable website. With the internet being the most public of places, broken systems cost—money, reputations and possibly customer identities are the currency. Pro PHP Security, published by Apress and written by Chris Snyder and Michael Southwell, is a detailed and authoritative account of the security details that affect a successful deployment of a PHP website. The book ranges from the almost theoretical to the highly practical such as SQL injection attack hardening and validating user input. If you are a newbie programmer or a serious practitioner, you may still find highly relevant comfort and detail in the book. There may be monsters waiting in the dark.
Source: Techworld.com - Posted by Vincenzo Ciaglia
If you were to line up a hub, a switch and a router next to one another, at first glance you might think they look pretty much the same. While they do have some basic functionality in common, they are in fact very different beasts. If you can't tell your routers from your hubs, please read on -- this column is for you.
Researchers at Sandia National Laboratories have released a paper on a technique they have developed for passively fingerprinting wireless device drivers (PDF link below). The researchers comment, "This technique is valuable to an attacker wishing to conduct reconnaissance against a potential target so that he may launch a driver-specific exploit."
Today, Wi-Fi access points are everywhere, and users are becoming increasingly sophisticated in their wireless network knowledge. One good tool for discovering Wi-Fi access points is a command-line utility called Kismet. It can help with a range of issues, from diagnosing Wi-Fi interference problems to finding a particular network in a sea of airborne bits.
OpenVPN is a tried and true VPN solution. It's totally secure and infinitely configurable. You can install and run this software without relying on a third party, but the fact that it’s open source and free is what really makes it stand out. OpenVPN can be a little daunting to configure the first time you jump into it, but once you get your configuration worked out, it’s a pleasure to use. After you have the software running on your network, it’s possible to seamlessly perform a great number of tasks. One of the most popular and practical uses for OpenVPN is its ability to enable secure surfing and home network access—whether you're out traveling or you're on an open wifi access point. It can also be used to connect separate remote networks together into one large network that is fully routable. As you can see, there’s really no limit to what you can do with OpenVPN.
Watching the news these past few weeks, you would think that hackers have taken over our cellphones. From the Paris Hilton phone hack (which was not Bluetooth-based), to the unintentional release of Fred Durst's (from the band Limp Bizkit) sex video - Wireless security has been thrust into the limelight. The proliferation of Bluetooth devices has made wireless communications easy and the Bluetooth group wants you to believe that this technology is safe from hackers. However, the guys from Flexilis, a wireless think-tank based in Los Angeles, beg to differ and they have a big freakin gun to "voice" their opinions.
In this paper, I describe how to write syslog messages to a MySQL database. Having syslog messages in a database is often handy, especially when you intend to set up a front-end for viewing them. This paper describes an approach with rsyslogd, an alternative enhanced syslog daemon natively supporting MySQL. I describe the components needed to be installed and how to configure them.
Source: Net-Security.org - Posted by Benjamin D. Thomas
Hello everyone, welcome to issue 8 of (IN)SECURE. We’re happy to report that our subscriber list is growing strong. This, combined with the e-mails and quality article submissions, is a clear indication that the security community has embraced this concept and found it to be a valuable resource. This issue is packed full with material for every knowledge level and will especially be of interest to those that want to know more about the inner workings of the Payment Card Industry since we got two articles related to the topic.